
Code hosting website GitHub announced today a new service for its customers that will allow developers and organizations an easy way to generate "packages" from their code.

Packages are specially crafted archives that can be installed by package managers, special software that simplifies the loading of libraries and modules inside coding projects.

GitHub's new feature, called the GitHub Package Registry, will support generating packages for package managers such as:

npm (JavaScript)

Maven (Java)

RubyGems (Ruby)

NuGet (.NET)

Docker images (for Docker's OS virtualization software)

Other package managers will also be supported in the future, GitHub product manager Simina Pasat said in a blog post today.

A new tab will be added to the GitHub interface where an account or organization's packages will be listed.


GitHub's new Package Registry will also support pre-releases, so organizations and open-source communities can test packages internally with employees or fellow project members, before releasing a public version.

Once a public package is generated from the GitHub project's source code, the project can be hosted exclusively on GitHub or promoted to a public package manager's infrastructure.

Advantages to using GitHub's new Package Registry

While some might think that GitHub is taking a jab at central package manager repositories by trying to subvert their userbases, this is not so. Developers will continue to use tools like npm, RubyGems, Maven, and NuGet to install packages in their code.

All that GitHub is doing is providing an easier way to generate these packages, and optionally distribute them from its site for situations that require private package hosting.

Furthermore, besides an automated package-generation process and private hosting, there are other benefits to using GitHub's new service, such as the company's extensive security features, Pasat said.

This includes the ability to control the entire flow of a project, from its inception through coding to publication. Controlling this entire process only from GitHub accounts, without having to switch to npm, RubyGems, or Maven profiles, reduces entry points that attackers can exploit to poison a project's artifacts.

On top of this, GitHub also alerts developers about vulnerabilities in a project's downstream libraries for Java, .NET, JavaScript, Ruby, and Python repositories. It also scans a project's source code for API keys and tokens that a developer might have left inside by accident.

GitHub is today's top code hosting destination. The startup was acquired by Microsoft in June 2018 for $7.5 billion.
